February 2013, 20(1): 58–65 www.sciencedirect.com/science/journal/10058885 http://jcupt.xsw.bupt.cn
The Journal of China Universities of Posts and Telecommunications
Anonymous authentication scheme of trusted mobile terminal under mobile Internet
ZHANG De-dong1,2, MA Zhao-feng1,2, NIU Xin-xin1,2, Peng Yong3
1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876, China
2. National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing 100876, China
3. China Information Technology Security Evaluation Center, Beijing 100085, China
Abstract
In order to solve the contradictions between user privacy protection and identity authentication, an anonymous authentication scheme under mobile Internet is proposed, which is based on the direct anonymous attestation of trusted computing and uses encrypted transfer and signature validation for its implementation. Aiming at the two access modes of a trusted mobile terminal under mobile Internet, self access and cross-domain access, the authentication process of each mode is described in detail. The analysis shows that the scheme implements anonymous authentication on mobile Internet and is correct, controllable and unforgeable.
Keywords trusted platform module, anonymous authentication, strong RSA assumption, remote attestation
1 Introduction
Mobile communications are a rapidly growing segment of the communications industry. They provide high-speed and high-quality information exchange between portable devices located anywhere in the world and have brought us great convenience. However, network security issues are increasingly prominent. Identity authentication has become one of the key technologies to ensure the security of the mobile internet. The following issues exist in the authentication.
1) Internet service providers (ISP) only allow the authenticated users to access the services. However, mobile users do not want their own confidential information (such as identity, movement trajectories, current position) to be exposed.
2) Even if the user’s identity is legitimate, it does not mean that the mobile terminal is secure.
In some Internet services, such as mobile e-commerce, they not only need to authenticate the user’s identity, but also authenticate the credibility of the mobile terminal. At present, many anonymous authentication schemes have been proposed. However, the majority of the schemes only authenticated the user’s identity, lacking validation of the credibility of the mobile terminal in Refs. [1–7]. In Ref. [8], an authentication scheme was proposed which realized the mutual authentication between the trusted mobile terminal and subscriber identity. However, it did not solve the problem that the user and mobile terminal as a whole accessed the network. In Ref. [9], Wu et al. proposed an anonymous authentication scheme, in which the mobile user needed to send a temporary public key certificate to the foreign agent before each authentication. The authentication schemes proposed in Refs. [10–11] realized trusted authentication of the mobile terminal. However, each access of the mobile terminal needed the help of the policy decision point (PDP) in Ref. [10] or home agent (HA) [11], which increased the computation of PDP or HA. In Ref. [12], Liu et al. proposed an anonymous authentication scheme which was based on the direct anonymous attestation. However, the scheme was linkable and the trajectory of the mobile user could be easily identified.
Received date: 14-05-2012. Corresponding author: ZHANG De-dong, E-mail: [email protected]. DOI: 10.1016/S1005-8885(13)60008-4
Based on the direct anonymous attestation, this paper proposes an anonymous authentication scheme. Both user’s identity and mobile terminal’s creditability are authenticated. It meets the demands of identity authentication, creditability validation and privacy protection.
The paper is organized as follows. In Sect. 2, we give an introduction of trusted computing and remote attestation. In Sect. 3, network model of anonymous authentication is proposed. In Sect. 4, we propose an anonymous authentication scheme. The security and performance of the scheme are analyzed in Sect. 5 and some conclusions follow in Sect. 6.
2 Trusted computing and remote attestation
Trusted computing is developed and promoted by the Trusted Computing Group (TCG) [13]. The key of trusted computing is to embed the trusted platform module (TPM) into terminal equipment to realize credibility validation. TPM includes a secure cryptoprocessor and a hardware pseudo-random number generator. The secure cryptoprocessor is used to store cryptographic keys. TPM contains several terminal configuration registers (PCRs) that store the integrity information of terminal equipment. When the system starts, TPM measures the hardware and software of the terminal equipment and writes the measurement results into PCRs. The PCR values are used to prove the credibility and integrity of the terminal equipment. TPM can provide multiple groups of signature keys including the endorsement key (EK) and the attestation identity key (AIK). EK is generated and injected into the TPM by the TPM’s manufacturer and each TPM is associated with a unique EK. Each TPM can generate multiple AIKs. In the remote attestation, TPM uses the private key of AIK to sign the PCR values to ensure their authenticity.
3 Network model of anonymous authentication
As shown in Fig. 1, the model mainly includes the trusted certification authority (TCA), policy management (PM), internet service provider (ISP) and mobile terminal (MT). TCA is responsible for issuing digital certificates for each PM. PM is responsible for authenticating the identity of the mobile terminals of the home network, and issuing the trusted certificate for the mobile terminal. ISP is responsible for providing services for legitimate and credible mobile terminals. MT, with an embedded TPM, sends service requests to the network over a wireless link.
Fig. 1 Network model of anonymous authentication
4 Proposed scheme
4.1 Initialization
The initialization process is described as follows:
Step 1 PM generates an RSA modulus $n = pq$, where $p = 2p' + 1$, $q = 2q' + 1$, and $p$, $q$, $p'$, $q'$ are all prime numbers.
Step 2 PM selects $g' \in QR_n$ and random integers $x_z, x_s, x_h, x_g, x, k, t$ and calculates $g = {g'}^{x_g} \bmod n$, $h = {g'}^{x_h} \bmod n$, $S = h^{x_s} \bmod n$, $Z = h^{x_z} \bmod n$, $R = S^{x} \bmod n$, $M = h^{k} \bmod n$, $N = h^{t} \bmod n$.
Step 3 PM generates random numbers $\rho$ and $\Gamma$ with $2^{l_\Gamma - 1} < \Gamma < 2^{l_\Gamma}$ and $2^{l_\rho - 1} < \rho < 2^{l_\rho}$, where $l_\rho$ stands for the length of $\rho$ and $l_\Gamma$ for the length of $\Gamma$. Let $\Gamma = r\rho + 1$, and ensure that $r$ cannot be divided evenly by $\rho$.
Step 4 PM generates random number $\gamma'$, let $\gamma' \in_R \mathbb{Z}_\Gamma^*$, ${\gamma'}^{(\Gamma - 1)/\rho} \neq 1 \bmod \Gamma$, calculate $\gamma = {\gamma'}^{(\Gamma - 1)/\rho} \bmod \Gamma$.
Step 5 PM saves private key $(p', q', k, t)$, issues public key $P_{pub} = (n, g', g, h, S, Z, R, M, N, \gamma, \Gamma, \rho)$ in the home network and sends it to TCA. The PMs of each subnet should generate their own public key and private key as above.
Step 6 PM selects random number $x_P$ as his private key and computes his public key $y_P = {g'}^{x_P}$.
Step 7 ISP selects random number $x_I$ as his private key and computes his public key $y_I = {g'}^{x_I}$.
Step 8 MT selects random number $x_M$ as his private key and computes his public key $y_M = {g'}^{x_M}$. TPM generates the attestation identity key pair $(x_{AIK}, y_{AIK})$ according to the endorsement key, where $y_{AIK}$ stands for the public key and $x_{AIK}$ for the private key.
Step 9 TCA generates a digital certificate for all the PMs. The certificate’s format is expressed as follows: $C_{PM} = \{PM, x_P, P_{pub}, D_{date}, E_{T_{pri}}(PM, x_P, P_{pub}, D_{date})\}$, where $D_{date}$ stands for the validity period of PM’s certificate, $T_{pri}$ stands for the private key of TCA and $E_x(\cdot)$ stands for encrypting with $x$.
4.2 Registration in the home network
Registration includes two aspects:
1) MT registration. When a new MT joins the home network, it sends identity MT to the local PM. PM checks whether the identity belongs to the network or not. If it does, PM generates a random number $N$, calculates $ID_{MT} = H(MT \| N) \oplus PM$ as the communication identifier, sends $ID_{MT}$ to MT and saves the mapping between MT and $ID_{MT}$.
2) ISP registration. ISP within the local network sends the services which it can provide to the local PM. PM verifies the service, assigns a unique code $j$ in the entire network, issues the code and saves the mapping between ISP and $j$.
4.3 Anonymous authentication in the home network
1) Trusted authentication: when MT applies for services for the first time, PM authenticates MT’s identity and issues the trusted certificate to MT.
Step 1 MT sends the creditability information, integrity information, identity information and the required service to PM.
a) TPM generates random number $f$, calculates $U = R^{f} \bmod n$ and the integrity metric value PCR of the mobile terminal, gets the AIK certificates $C_{AIK}$ and attribute certificates $C_{att}$ from the certification authority, calculates $\delta = E_{x_{AIK}}(C_{AIK} \| C_{att} \| PCR \| U)$ and sends them to MT.
b) MT computes $M_{msg1} = (ID_{MT}, C_{AIK}, C_{att}, PCR, U, \delta, j)$ and sends it to PM, where $j$ stands for the required service code.
Step 2 PM verifies the creditability and identity of MT, and issues the trusted certificate.
a) Receiving $M_{msg1}$, PM decrypts $\delta$ with $y_{AIK}$, authenticates the creditability and identity according to $ID_{MT}$, $C_{AIK}$, $C_{att}$ and PCR, and checks whether the user has subscribed to the service $j$ and the service is within the valid period or not.
b) If MT has subscribed to the service and the service is within the valid period, PM generates random number $v$ and prime number $e \in [2^{l_e - 1}, 2^{l_e - 1} + 2^{l'_e - 1}]$, and calculates
$$A = \left(\frac{Zj}{U S^{v S_{date}}}\right)^{1/e} h^{k} \bmod n, \qquad s = ke + t,$$
where $l_e$ is the size of $e$, $S_{date}$ is the valid period for accessing the service $j$, and $(A, e, s)$ is a trusted certificate of MT for accessing the service $j$.
c) PM calculates $M_{msg2} = E_{x_P}((A, e, s), v, S_{date})$ and sends it to MT.
2) Anonymous authentication: the anonymous mutual authentication between MT and ISP is done in this phase. It includes signature protocol and validation protocol.
Step 1 Signature protocol
a) Receiving $M_{msg2}$, MT decrypts it with $y_P$, generates random numbers $w$, $r$ and calculates $T_1 = A h^{w} \bmod n$, $T_2 = g^{w} h^{e} {g'}^{r} \bmod n$.
b) TPM generates random numbers $r_v$, $r_f$, calculates $\tilde T_{1t} = R^{r_f} S^{r_v} \bmod n$ and sends $\tilde T_{1t}$ to MT.
c) MT generates random integers $r_e$, $r_{ew}$, $r_s$, $r_{ee}$, $r_w$, $r_r$, $r_{er}$ and calculates $\tilde T_1 = \tilde T_{1t} T_1^{r_e} h^{-r_{ew}} h^{r_s} \bmod n$, $\tilde T_2 = g^{r_w} h^{r_e} {g'}^{r_r} \bmod n$, $\tilde T_2' = T_2^{-r_e} g^{r_{ew}} h^{r_{ee}} {g'}^{r_{er}} \bmod n$.
d) MT generates random number $n_v$, calculates
$$c_h = H(n \| g' \| g \| h \| R \| S \| Z \| M \| N \| \gamma \| \Gamma \| \rho \| n_v \| (T_1 \| T_2) \| (\tilde T_1 \| \tilde T_2 \| \tilde T_2'))$$
and sends $c_h$ and $M_{msg2}$ to TPM.
e) TPM decrypts $M_{msg2}$ with $y_P$ and checks whether $S_{date}$ is expired or not. If $S_{date}$ is within the validity period, TPM generates random integer $n_t$, calculates $c = H(c_h \| n_t)$, $s_v = r_v + c v S_{date}$, $s_f = r_f + cf$ and sends $(c, n_t, s_v, s_f)$ to MT.
f) MT calculates $s_e = r_e + c(e - 2^{l_e - 1})$, $s_{ee} = r_{ee} + ce^2$, $s_w = r_w + cw$, $s_{ew} = r_{ew} + cew$, $s_r = r_r + cr$, $s_{er} = r_{er} + cer$, $s_s = r_s - cs$, generates signature $\sigma = ((T_1 \| T_2) \| c \| n_v \| n_t \| (s_v, s_f, s_e, s_{ew}, s_{ee}, s_{er}, s_w, s_r, s_s))$ and sends $\sigma$ to ISP.
Step 2 Validation protocol
a) Receiving the message $\sigma$, ISP calculates:
$$\hat T_1 = (Zj)^{-c} T_1^{s_e + c 2^{l_e - 1}} R^{s_f} S^{s_v} h^{-s_{ew}} N^{c} h^{s_s} \bmod n$$
$$\hat T_2 = T_2^{-c} g^{s_w} h^{s_e + c 2^{l_e - 1}} {g'}^{s_r} \bmod n$$
$$\hat T_2' = T_2^{-(s_e + c 2^{l_e - 1})} g^{s_{ew}} h^{s_{ee}} {g'}^{s_{er}} \bmod n$$
b) ISP verifies whether or not the following equation holds:
$$c = H(H(n \| g' \| g \| h \| R \| S \| Z \| M \| N \| \gamma \| \Gamma \| \rho \| n_v \| (T_1 \| T_2) \| (\hat T_1 \| \hat T_2 \| \hat T_2')) \| n_t)$$
If it holds, ISP is convinced that MT holds the trusted certificate issued by the PM, so ISP allows MT to access the service.
3) Fast re-authentication process: within the valid period of service, MT generates the different signature value σ by re-generating random number, which can provide identity anonymity and prevent the tracking of the attacker. The signature protocol and validation protocol of fast re-authentication is similar to that in anonymous authentication.
4.4 Anonymous authentication in the foreign network
Cross-domain service access is divided into two steps in Ref. [14], namely roaming authentication and service request. Roaming authentication means that MT roams to a foreign network and attempts to access the network. Service request means that MT has entered the foreign network and requests to access the service of ISP. Let TD-I and TD-K stand for the different networks, $PM_i$, $MT_i$, $ISP_i$ for the PM, MT and ISP of TD-I respectively and $PM_k$, $MT_k$, $ISP_k$ for the PM, MT and ISP of TD-K respectively. Suppose mobile terminal $MT_i$ will apply for the service of $ISP_k$. The process is described as follows.
1) Roaming authentication: when $MT_i$ roams to the TD-K network, $MT_i$ applies the trusted certificate $(A', e', s')$ for accessing the TD-K network. It generates signature value $\sigma'$ and sends $(\sigma', \text{TD-I})$ to $PM_k$. $PM_k$ applies for the digital certificate of $PM_i$ to obtain the public key of TD-I, and authenticates the identity and credibility of $MT_i$ according to the public key of TD-I. The process is similar to that of the anonymous authentication in the home network.
2) Service request: after $PM_k$ authenticates the identity and credibility of $MT_i$, it issues the trusted certificate $(A'', e'', s'')$ to $MT_i$ for accessing $ISP_k$. $MT_i$ and $ISP_k$ can implement the anonymous authentication by using the trusted certificate. $ISP_k$ can authenticate the identity and credibility directly. If authentication is successful, $ISP_k$ is convinced that $MT_i$ is secure, and allows $MT_i$ to access the service. The process is similar to that of the anonymous authentication in the home network.
5 Scheme analyses
5.1 Correctness analysis
The correctness of the scheme is proved by verifying that the equations $\hat T_1 = \tilde T_1$, $\hat T_2 = \tilde T_2$ and $\hat T_2' = \tilde T_2'$ are correct.
$$\begin{aligned}
\hat T_1 &= (Zj)^{-c} T_1^{s_e + c 2^{l_e - 1}} R^{s_f} S^{s_v} h^{-s_{ew}} N^{c} h^{s_s} \bmod n \\
&= (Zj)^{-c} T_1^{r_e + ce} R^{s_f} S^{s_v} h^{-s_{ew}} N^{c} h^{s_s} \bmod n \\
&= (U S^{v S_{date}})^{-c} h^{cke} R^{s_f} S^{s_v} T_1^{r_e} h^{-r_{ew}} N^{c} h^{s_s} \bmod n \\
&= R^{r_f} S^{r_v} h^{cke} h^{r_s - c(ke + t)} h^{ct} T_1^{r_e} h^{-r_{ew}} \bmod n \\
&= \tilde T_{1t} T_1^{r_e} h^{-r_{ew}} h^{r_s} \bmod n = \tilde T_1
\end{aligned}$$
$$\begin{aligned}
\hat T_2 &= T_2^{-c} g^{s_w} h^{s_e + c 2^{l_e - 1}} {g'}^{s_r} \bmod n \\
&= (g^{w} h^{e} {g'}^{r})^{-c} g^{s_w} h^{s_e + c 2^{l_e - 1}} {g'}^{s_r} \bmod n \\
&= g^{s_w - cw} h^{s_e - c(e - 2^{l_e - 1})} {g'}^{s_r - cr} \bmod n \\
&= g^{r_w} h^{r_e} {g'}^{r_r} \bmod n = \tilde T_2
\end{aligned}$$
$$\begin{aligned}
\hat T_2' &= T_2^{-(s_e + c 2^{l_e - 1})} g^{s_{ew}} h^{s_{ee}} {g'}^{s_{er}} \bmod n \\
&= T_2^{-r_e} T_2^{-ce} g^{s_{ew}} h^{s_{ee}} {g'}^{s_{er}} \bmod n \\
&= T_2^{-r_e} g^{s_{ew} - cew} h^{s_{ee} - ce^2} {g'}^{s_{er} - cer} \bmod n \\
&= T_2^{-r_e} g^{r_{ew}} h^{r_{ee}} {g'}^{r_{er}} \bmod n = \tilde T_2'
\end{aligned}$$
This shows that the scheme is correct.
5.2 Anonymity analysis
Anonymity includes two characteristics, namely identity anonymity and unlinkability.
1) Identity anonymity: ISP cannot infer the signer’s identity from the signature $\sigma$.
2) Unlinkability: given the signatures $\sigma$ and $\sigma'$ ($\sigma \neq \sigma'$), ISP cannot distinguish whether they are generated by the same signer.
When the user registers in the home network, PM generates the communication identifier $ID_{MT}$ for MT. Only by getting the number $N$ can an entity calculate the true identity, so any entity except the user and PM cannot get MT’s identity. In the anonymous authentication, MT uses different blind factors to make $(A, e, s)$ blind and proves it to ISP by a zero-knowledge proof protocol. So ISP cannot obtain the detailed information about MT. In fast re-authentication, MT generates a different signature $\sigma'$ by re-generating the random numbers. Given the signature $\sigma = ((T_1 \| T_2) \| c \| n_v \| n_t \| (s_v, s_f, s_e, s_{ew}, s_{ee}, s_{er}, s_w, s_r, s_s))$, we can find that all of the elements in $\sigma$ are generated based on random numbers, so ISP and attackers cannot distinguish whether or not these different signatures are generated by the same MT. So the scheme possesses the properties of anonymity.
5.3 Controllability analysis
In the proposed scheme, controllability means that MT can only access the required service within the validity period according to the trusted certificate $(A, e, s)$.
Proof Assume that the MT with the trusted certificate $(A, e, s)$ wants to access the service $j'$ over the validity period, where $j' \neq j$. MT calculates $T_1$, $T_2$, $\tilde T_1$, $\tilde T_2$, $\tilde T_2'$ and $c_h$ as usual, and sends $c_h$ to TPM. TPM checks whether $S_{date}$ has expired or not. If $S_{date}$ has expired, TPM does not calculate $c$, $n_t$, $s_v$, $s_f$. As $s_f = r_f + cf$ includes the secret number $f$, MT can only solve $f$ through $U$. However, MT cannot solve $f$ through $U$ under the strong RSA assumption. Therefore, MT cannot generate the signature correctly. Even if $S_{date}$ is within the validity period, MT cannot generate the signature for accessing the service $j'$. When $S_{date}$ is within the validity period, TPM calculates $c$, $n_t$, $s_v$, $s_f$ and sends them to MT. MT calculates $s_e$, $s_{ew}$, $s_{ee}$, $s_{er}$, $s_w$, $s_r$, $s_s$ and the signature $\sigma = ((T_1 \| T_2) \| c \| n_v \| n_t \| (s_v, s_f, s_e, s_{ew}, s_{ee}, s_{er}, s_w, s_r, s_s))$ and then sends $\sigma$ to $ISP'$. $ISP'$ calculates:
$$\begin{aligned}
\hat T_1 &= (Zj')^{-c} T_1^{s_e + c 2^{l_e - 1}} R^{s_f} S^{s_v} h^{-s_{ew}} N^{c} h^{s_s} \bmod n \\
&= \left(\frac{j}{j'}\right)^{c} (U S^{v S_{date}})^{-c} h^{cke} R^{s_f} S^{s_v} T_1^{r_e} h^{-r_{ew}} N^{c} h^{s_s} \bmod n \\
&= \left(\frac{j}{j'}\right)^{c} \tilde T_{1t} T_1^{r_e} h^{-r_{ew}} h^{r_s} \bmod n \neq \tilde T_1
\end{aligned}$$
As $c \neq H(H(n \| g' \| g \| h \| R \| S \| Z \| M \| N \| \gamma \| \Gamma \| \rho \| n_v \| (T_1 \| T_2) \| (\hat T_1 \| \hat T_2 \| \hat T_2')) \| n_t)$, validation fails. So the mobile terminal can only access the required service within the validity period according to the trusted certificate $(A, e, s)$.
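The following Python sketch is an added example, not code from the paper: it runs the certificate issuing, signature and validation equations of Sect. 4.3 over constructed toy safe primes, and shows both the correctness property of Sect. 5.1 and the service-code check of Sect. 5.3. The function names, the SHA-256 hash, the fixed $e = 65537$, the merging of TPM and MT steps into one `sign` function and the omission of $\gamma$, $\Gamma$, $\rho$ from the hash input are assumptions of the example.

```python
import hashlib
import math
import secrets

# Constructed toy safe primes p = 2p'+1, q = 2q'+1; far too small for real use.
P, Q = 2879, 2963
N_MOD, PHI = P * Q, (P - 1) * (Q - 1)
E, L_E = 65537, 17   # prime e >= 2^(l_e - 1), coprime to phi(n)

def rand_exp():
    return secrets.randbelow(PHI - 2) + 2

def H(*parts):
    data = "||".join(str(x) for x in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def setup():
    """PM initialization, Steps 1-2 (gamma, Gamma, rho omitted in this sketch)."""
    x = 0
    while math.gcd(x, N_MOD) != 1:           # gcd(0, n) = n, so this samples a unit
        x = secrets.randbelow(N_MOD - 2) + 2
    gp = x * x % N_MOD                       # g' is a quadratic residue mod n
    g, h = pow(gp, rand_exp(), N_MOD), pow(gp, rand_exp(), N_MOD)
    S, Z = pow(h, rand_exp(), N_MOD), pow(h, rand_exp(), N_MOD)
    R, k, t = pow(S, rand_exp(), N_MOD), rand_exp(), rand_exp()
    pub = dict(n=N_MOD, gp=gp, g=g, h=h, R=R, S=S, Z=Z,
               M=pow(h, k, N_MOD), N=pow(h, t, N_MOD))
    return pub, (k, t)

def issue(pub, priv, U, j, s_date):
    """PM: A = ((Z j)/(U S^(v S_date)))^(1/e) h^k mod n, s = k e + t."""
    n, (k, t), v = pub["n"], priv, rand_exp()
    base = pub["Z"] * j * pow(U * pow(pub["S"], v * s_date, n), -1, n) % n
    A = pow(base, pow(E, -1, PHI), n) * pow(pub["h"], k, n) % n
    return (A, E, k * E + t), v

def sign(pub, cert, v, f, s_date):
    """Signature protocol; f, v, r_v, r_f stay inside the TPM in the paper."""
    n, g, gp, h = pub["n"], pub["g"], pub["gp"], pub["h"]
    (A, e, s), w, r = cert, rand_exp(), rand_exp()
    T1 = A * pow(h, w, n) % n
    T2 = pow(g, w, n) * pow(h, e, n) * pow(gp, r, n) % n
    rv, rf, re, rew, rs, ree, rw, rr, rer = (rand_exp() for _ in range(9))
    T1t = pow(pub["R"], rf, n) * pow(pub["S"], rv, n) % n
    tT1 = T1t * pow(T1, re, n) * pow(h, rs - rew, n) % n
    tT2 = pow(g, rw, n) * pow(h, re, n) * pow(gp, rr, n) % n
    tT2p = pow(T2, -re, n) * pow(g, rew, n) * pow(h, ree, n) * pow(gp, rer, n) % n
    nv, nt = secrets.randbits(64), secrets.randbits(64)
    c = H(H(*pub.values(), nv, T1, T2, tT1, tT2, tT2p), nt)
    return dict(T1=T1, T2=T2, c=c, nv=nv, nt=nt,
                sv=rv + c * v * s_date, sf=rf + c * f,
                se=re + c * (e - 2 ** (L_E - 1)), sew=rew + c * e * w,
                see=ree + c * e * e, ser=rer + c * e * r,
                sw=rw + c * w, sr=rr + c * r, ss=rs - c * s)

def verify(pub, sig, j):
    """ISP validation for service code j (j must be coprime to n)."""
    n, g, gp, h, c = pub["n"], pub["g"], pub["gp"], pub["h"], sig["c"]
    ex = sig["se"] + c * 2 ** (L_E - 1)
    hT1 = (pow(pub["Z"] * j, -c, n) * pow(sig["T1"], ex, n)
           * pow(pub["R"], sig["sf"], n) * pow(pub["S"], sig["sv"], n)
           * pow(h, sig["ss"] - sig["sew"], n) * pow(pub["N"], c, n)) % n
    hT2 = (pow(sig["T2"], -c, n) * pow(g, sig["sw"], n)
           * pow(h, ex, n) * pow(gp, sig["sr"], n)) % n
    hT2p = (pow(sig["T2"], -ex, n) * pow(g, sig["sew"], n)
            * pow(h, sig["see"], n) * pow(gp, sig["ser"], n)) % n
    inner = H(*pub.values(), sig["nv"], sig["T1"], sig["T2"], hT1, hT2, hT2p)
    return sig["c"] == H(inner, sig["nt"])

def demo(j=17, j_other=19, s_date=20131231):
    """Returns (valid for j, valid for j', two signatures differ)."""
    pub, priv = setup()
    f = rand_exp()                           # TPM secret behind U = R^f
    U = pow(pub["R"], f, pub["n"])
    cert, v = issue(pub, priv, U, j, s_date)
    sig1 = sign(pub, cert, v, f, s_date)
    sig2 = sign(pub, cert, v, f, s_date)
    return verify(pub, sig1, j), verify(pub, sig1, j_other), sig1 != sig2

if __name__ == "__main__":
    print(demo())
```

The negative exponents rely on Python 3.8 or later, where `pow(x, -k, n)` computes the modular inverse first.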
5.4 Unforgeability analysis
Unforgeability includes two aspects:
1) The attacker cannot forge the trusted certificate $(A, e, s)$.
2) The attacker having the trusted certificate $(A, e, s)$ cannot generate the signature on behalf of MT.
Proof In order to forge the trusted certificate $(A, e, s)$, the attacker has to know $(k, t)$ to calculate $A$ and $s$. However, $(k, t)$ is the private key of PM. Assume the attacker forges $(k', t')$, generates the trusted certificate $(A', e', s')$ and sends it to MT, where
$$A' = \left(\frac{Zj}{U S^{v S_{date}}}\right)^{1/e'} h^{k'} \bmod n$$
and $s' = k'e' + t'$. MT and TPM generate some random numbers, calculate $s_e$, $s_{ew}$, $s_{ee}$, $s_{er}$, $s_w$, $s_r$, $s_s$, generate the signature $\sigma = ((T_1 \| T_2) \| c \| n_v \| n_t \| (s_v, s_f, s_e, s_{ew}, s_{ee}, s_{er}, s_w, s_r, s_s))$ and send it to ISP. ISP calculates
$$\begin{aligned}
\hat T_1 &= (Zj)^{-c} T_1^{s_e + c 2^{l_e - 1}} R^{s_f} S^{s_v} h^{-s_{ew}} N^{c} h^{s_s} \bmod n \\
&= (Zj)^{-c} T_1^{r_e + ce'} R^{s_f} S^{s_v} h^{-s_{ew}} N^{c} h^{s_s} \bmod n \\
&= R^{r_f} S^{r_v} h^{ck'e'} h^{r_s - c(k'e' + t')} h^{ct} T_1^{r_e} h^{-r_{ew}} \bmod n \\
&= \tilde T_{1t} T_1^{r_e} h^{-r_{ew}} h^{r_s} h^{c(t - t')} \bmod n \neq \tilde T_1
\end{aligned}$$
As $c \neq H(H(n \| g' \| g \| h \| R \| S \| Z \| M \| N \| \gamma \| \Gamma \| \rho \| n_v \| (T_1 \| T_2) \| (\hat T_1 \| \hat T_2 \| \hat T_2')) \| n_t)$, validation fails. The attacker cannot solve it according to the public key $(M, N)$ either, otherwise it contradicts the strong RSA assumption. So the attacker cannot forge the trusted certificate $(A, e, s)$ correctly. The attacker having the trusted certificate $(A, e, s)$ cannot generate the signature correctly either, and the proof is similar to the proof of controllability. So the scheme satisfies unforgeability.
5.5 Performance analysis
5.5.1 Safety function analysis
We compare our scheme with other anonymous authentication scheme in safety function. The results are shown in Table 1, where Y refers to having the function and N refers to not having the function.
Table 1 Safety function analysis
| Safety function | Li et al.’s scheme in Ref. [6] | Wu et al.’s scheme in Ref. [10] | Yang et al.’s scheme in Ref. [11] | Liu et al.’s scheme in Ref. [12] | Our scheme |
|---|---|---|---|---|---|
| User anonymity | Y | Y | Y | Y | Y |
| Mutual authentication | Y | Y | Y | Y | Y |
| Terminal credibility validation | N | Y | Y | N | Y |
| Domain separation | N | Y | Y | N | Y |
| Roaming authentication | N | Y | Y | N | Y |
| Direct anonymous attestation | N | N | N | Y | Y |
Based on the data in Table 1, compared with traditional anonymous authentication scheme [6], our scheme not only realizes the basic security requirement (such as: user anonymity, mutual authentication), but also increases the functions of credibility validation and roaming authentication, which can protect ISP from the security threats. Compared with Wu et al.’s scheme [10] and Yang et al.’s scheme [11], our scheme increases the function of terminal direct anonymity attestation, which can resist the collusive attack from PM and ISP. Compared with Liu et al.’s [12] scheme, our scheme realizes the functions of credibility validation, domain separation and roaming authentication, which is more in line with the actual situation of mobile internet. In short, compared with the existing schemes, the proposed scheme has more safety function and provides a high level of security.
5.5.2 Computing performance analysis
We only compare the proposed scheme with that of Liu et al. [12] in terms of efficiency because these two schemes are both based on the direct anonymous attestation protocol. The results are shown in Table 2, where $H$ stands for Hash operation, $E_K$ for asymmetric encryption operation, $D_K$ for asymmetric decryption operation, $G_n$ for mod $n$ operation and $G_n^m$ for mod $n$ operation of product of $m$-exponential operation.
Table 2 Computing performance analysis
| Calculation | Liu et al.’s scheme in Ref. [12] | Our scheme |
|---|---|---|
| PM’s calculation | $E_K + 3D_K + 3H + mG_\Gamma + G_\Gamma^2 + G_n^2 + G_n^4$ | $D_K + E_K + G_n^3$ |
| MT’s calculation | $D_K + 3E_K + 4H + G_\Gamma^2 + G_n + 2G_n^2 + 2G_n^3 + G_n^4$ | $E_K + D_K + H + G_n + 2G_n^3 + 2G_n^4$ |
| TPM’s calculation | $H + G_\Gamma^6 + 3G_n^3$ | $D_K + H + G_n^2$ |
| ISP’s calculation | $3H + 2G_\Gamma^2 + 2G_n^4 + G_n^6 + G_\Gamma^m$ | $2H + 2G_n^4 + G_n^7$ |
Based on the data in Table 2, this scheme reduces anonymous authentication between MT and PM of home network, which is more in line with the actual situation of mobile internet and reduces some computations. In addition, as MT applies for the trusted certificate from PM, PM has verified the credibility and identity of MT. Only after verification can PM issue the trusted certificate to MT, so PM and ISP do not need to check whether MT is in their fraud lists, which can reduce $G_\Gamma^m$ computations. In a word, this scheme has a higher efficiency and meets the need for services access of mobile terminal under mobile internet.
5.6 Experiment results
We realize the function of the scheme using Visual C++ and OpenSSL to test the efficiency. The test environment was three PCs with i3-2350M CPU, 2 GB DDR3 memory, and Windows 7 operating system. We use the three PCs to simulate the PM, ISP and MT respectively and select four groups of users. Each group has $N_\tau$ users, where $N_1 = 10$, $N_2 = 80$, $N_3 = 600$, $N_4 = 5000$.
In a period of time, MT needs to apply only once for the service, so the access efficiency of MT need not be considered. A large number of users may apply for the services from ISP at the same time, so the response efficiency of ISP is measured in the experiment. We test the response efficiency of ISP using the four groups of users. In the first case, the users access ISP directly. In the second case, the users access ISP using the proposed scheme. The users in each group access the ISP at the same time. The results are summarized in Fig. 2. In Fig. 2 the horizontal axis stands for the group users; the vertical axis stands for response time of accessing services. Curve 1 stands for the experiment results of the first case. Curve 2 stands for the experiment results of the second case.
Fig. 2 Experiment results of response time
As shown in Fig. 2, with the number of users increasing, the response efficiency has not fallen significantly. In the second case, the users access ISP using the proposed scheme. It realizes mutual authentication between MT and ISP, while it incurs a minor increase in response time. So the scheme is suitable for anonymous authentication of wireless network.
6 Conclusions
Anonymous authentication technology is an important means of privacy protection in the mobile Internet. A trusted and anonymous authentication scheme is proposed in the paper. It solves the contradictions between user privacy protection and identity authentication. When the ISP provides the services for the mobile terminal, it can authenticate the user’s identity and terminal’s creditability without revealing detail information about mobile terminal both in home network and foreign network. The trusted certificate applied by MT can be used until it expires, which reduces the calculation of PM. In conclusion, the scheme is in line with the actual situation of mobile internet communications, meets the requirements of privacy protection and identity authentication, so it is suitable for anonymous authentication of wireless network and mobile Internet.
Acknowledgements
This work was supported by the National Natural Science Foundation of China (60803157, 90812001, 61170271).
References
1. He Q, Wu D P, Khosla P. The quest for personal control over mobile location privacy. IEEE Communications Magazine, 2004, 42(5): 130−136
2. Tang C, Wu D O. An efficient mobile authentication scheme for wireless networks. IEEE Transactions on Wireless Communications, 2008, 7(4): 1408−1416
3. Zhu H, Li H, Su W L, et al. ID-based wireless authentication scheme with anonymity. Journal on Communications, 2009, 30(4): 130−136 (in Chinese)
4. Fu J Q, Chen J, Fan R, et al. An efficient delegation-based anonymous authentication protocol. Proceedings of the 2nd International Workshop on Computer Science and Engineering (WCSE’09): Vol 1, Oct 28−30, 2009, Qingdao, China. Piscataway, NJ, USA: IEEE, 2009: 558−562
5. Chen T H, Chen Y C, Shin W K, et al. An efficient anonymous authentication protocol for mobile pay-TV. Journal of Network and Computer Applications, 2011, 34(4): 1131−1137
6. Li K, Xiu A N, He F, et al. Anonymous authentication with unlinkability for wireless environments. IEICE Electronics Express, 2011, 8(8): 536−541
7. Mun H, Han K, Lee Y S, et al. Enhanced secure anonymous authentication scheme for roaming service in global mobility networks. Mathematical and Computer Modelling, 2012, 55(1): 214−222
8. Zheng Y, He D K, He M X. Trusted computing based user authentication for mobile equipment. Chinese Journal of Computers, 2006, 29(8): 1255−1264 (in Chinese)
9. Wu C C, Lee W B, Tsaur W J. A secure authentication scheme with anonymity for wireless communications. IEEE Communications Letters, 2008, 12(10): 722−723
10. Wu Z Q, Zhou Y W, Qiao Z R. Access mechanism of PMP under mobile network. Journal on Communications, 2010, 31(10): 158−169 (in Chinese)
11. Yang L, Ma J F, Pei Q Q, et al. Direct anonymous authentication scheme for wireless networks under trusted computing, Journal on Communications, 2010, 31(8): 98−104 (in Chinese)
12. Liu J Y, Gu L Z, Luo S S, et al. Anonymous authentication scheme for mobile communication. Journal of Xidian University, 2011, 38(1): 176−183 (in Chinese)
13. Brickell E, Li J T. Enhanced privacy ID: A direct anonymous attestation scheme with enhanced revocation capabilities. IEEE Transactions on Dependable and Secure Computing, 2012, 9(3): 345−360
14. Kim H, Shin K G, Dabbous W. Improving cross-domain authentication over wireless local area networks. Proceedings of the 1st International Conference on Security and Privacy for Emerging Areas in Communications Networks (SecureComm’05), Sep 5−9, 2005, Athens Greece. Piscataway, NJ, USA: IEEE, 2005: 127−138
(Editor: WANG Xu-ying)